Privacy Policy
Effective date: May 2026
Sovereign Industry Report ("S.I.R.", "we", "us", or "our") operates www.thesir.app. This Privacy Policy describes how we collect, use, and protect your information when you use our platform.
S.I.R. is currently offered as a public beta. Features, data coverage, and retention details may change as we improve the service. We will update this page when material changes affect how we handle your information.
1. Information We Collect
We collect the following types of information:
- Account information: Email address, display name, and hashed password (for email registration). For OAuth users (Google or Discord), we receive your OAuth identity and profile name.
- Multi-factor authentication: If you enable MFA, we store TOTP enrollment data for your account security.
- User-generated content: Forum posts, chat messages, poll responses, representative ratings, bug reports, and bill follow/watch selections.
- Technical data: Authentication session cookies, device trust cookies (for MFA), error logs, and localStorage preferences (UI settings, cookie consent choice, feature tour state).
2. How We Use Your Information
- Account management: Creating and maintaining your account, authenticating your identity, and managing your display name.
- Platform features: Enabling forum participation, bill tracking, representative ratings, chat, polls, and personalized feeds.
- Security: Device trust verification for multi-factor authentication, rate limiting, and abuse prevention.
- Bill summaries: We use the Google Gemini API at build time to generate bill summaries and classification data. Only publicly available legislative text is processed — no user data is sent to Google for this purpose.
- Email notifications: If you opt into bill alerts or newsletters, we send transactional emails via Resend. Your email address is shared with Resend solely for delivery of messages you have requested.
3. Third-Party Services
We use the following third-party services to operate S.I.R.:
- Supabase: Authentication, database hosting, and row-level security. Your account data and user-generated content are stored in Supabase.
- Google OAuth: Optional sign-in method. We receive your name and email from Google when you choose to sign in with Google.
- Discord OAuth: Optional sign-in method. We receive your username and email from Discord when you choose to sign in with Discord.
- Google Gemini API (Google LLC): Used at build time to summarize and classify legislative bill text. Only public legislative text is processed — no user data is sent to Google.
- Resend: Transactional email delivery for bill alerts and newsletters. Your email address is shared with Resend when you opt into email notifications.
- Umami Analytics: Privacy-focused, cookie-free page analytics. Umami collects anonymous page view counts and referrer data — no personally identifiable information is collected or shared.
- LegiScan API: Source of legislative bill data. No user data is sent to LegiScan.
- Open States API: Source of state representative and legislator data, and of legislative bill data for the kratom and peptides industries. No user data is sent to Open States.
- DigitalOcean: Application hosting. Your requests are processed on DigitalOcean servers.
4. Cookies and Local Storage
We use the following cookies and local storage items:
- Essential cookies: Supabase authentication session cookie (required for login) and device trust cookie (required for MFA verification). These cannot be disabled.
- Local storage: UI preferences (theme, sidebar state), cookie consent choice, and feature tour completion state. These are stored only in your browser and are not transmitted to our servers.
We do not use third-party tracking cookies or advertising cookies. Non-essential cookies, if introduced in the future, will be gated by a consent banner.
5. Data Retention
- Account data: Retained until you delete your account.
- Activity logs: Retained for 90 days, then automatically purged.
- Error logs: Retained for 30 days.
- User-generated content: Forum posts, chat messages, and ratings persist until you manually delete them or delete your account.
6. Your Rights
You have the right to:
- Access your personal data through your account settings.
- Correct your display name and profile information at any time.
- Delete your account and associated data by contacting us at [email protected].
We will respond to data requests within 30 days.
7. Payments and Paid Features (Current Status)
During this public beta, S.I.R. does not sell paid subscriptions or process in-app payments. We do not collect payment card numbers, bank account details, or billing addresses for checkout because paid checkout is not enabled. If we introduce paid tiers after beta, we will update this Privacy Policy before the first charge, describe what payment data is collected and by which processor, and explain how to manage or cancel billing.
8. Data We Do NOT Collect
- Payment card or bank payment credentials (none collected while paid checkout is unavailable)
- Precise location or GPS data
- Browsing history outside of S.I.R.
- Third-party advertising or tracking cookies
9. Data Sources and Attribution
Legislative bill data displayed on S.I.R. is aggregated from publicly available sources:
- LegiScan (legiscan.com) — Legislative bill tracking data for all 50 states.
- Open States (openstates.org) — State representative and legislator data, and legislative bill data for the kratom and peptides industries.
Individual bill detail pages include source attribution linking to the original data provider. S.I.R.-generated bill summaries are produced at build time using publicly available legislative text and may contain inaccuracies. Always verify with official state legislature sources.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be announced via a site notification. The "Effective date" at the top of this page will be updated accordingly. Continued use of S.I.R. after changes constitutes acceptance of the updated policy.
11. Contact
If you have questions about this Privacy Policy or your data, contact us at [email protected].
Disclaimer: S.I.R. provides legislative data for informational purposes only. The bill information, S.I.R.-generated summaries, and representative data displayed on this platform do not constitute legal advice. Always consult official state legislature sources and qualified legal counsel for decisions related to legislation.